[Samba] Kerberos ticket lifetime
rpenny at samba.org
Thu Oct 1 10:57:13 UTC 2020
On 01/10/2020 11:22, Remy Zandwijk wrote:
>> On 1 Oct 2020, at 10:31, Rowland penny via samba
>> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>> On 01/10/2020 00:23, Jason Keltz via samba wrote:
>>> On the domain controller (samba-ad-dc), I have in the config:
>>> kdc:user ticket lifetime = 24
>> I do not recognise that smb.conf option, could this be another
>> freebsd change that was never sent upstream or, if it was, it was
>> rejected ?
> Uh, no?
> So the question is, is that info on the Wiki (still) valid and if so,
> why isn't it documented in the smb.conf man page?
Well, you learn something new everyday :-)
A quick search in 'man smb.conf' on 'kdc', turns this up:
gpo update command (G)
This option sets the command that is called to apply GPO policies.
The samba−gpupdate script applies System Access and Kerberos Policies to
System Access policies set minPwdAge, maxPwdAge, minPwdLength, and
pwdProperties in the samdb.
Kerberos Policies set kdc:service ticket lifetime, kdc:user ticket
lifetime, and kdc:renewal lifetime in smb.conf.
Apart from the wiki page (which dates back to 2014), that is it.
Let me look into this further.
More information about the samba